[SECURITY | 4 MIN READ] “I love you” is a phrase you should reserve for your loved ones, not your password field! We get it. We love our technology and we can't live without it, but as a managed services provider (MSP) you need to make sure your customers make an effort to stop using “iloveyou” as their password. Let me tell you why.
I hate to break it to you, but “iloveyou” is ranked as the 10th worst password used in 2018, according to a study by Splashdata. To make things even worse, Troy Hunt's Pwned Passwords found that “iloveyou” was used 1.5 million times in exposed data breaches made publicly available. Those data collections represent only a small fraction of what is actually compromised. Imagine how many people use “iloveyou” today?
Cybersecurity remains a concern. Several big name websites such as Adobe, Tesco, Vodafone, Yahoo, and Xbox 360 have been targeted for data to be either sold, traded, or made publicly available online. In May 2017, Bell Telecommunications in Canada suffered a data breach resulting in the exposure of millions of customer records, such as email addresses, geographic locations, IP addresses, job titles, names, passwords, phone numbers, usernames, and more. It was only last year the global hacking group APT10 was targeting MSPs specifically to obtain client network data.Weak passwords are making the bad guys’ lives easier, and this at a time when we should be trying to make things harder for attackers. MSPs need to be saying enough is enough! You can do something special for yours and your customers’ cybersecurity protocols by following these four steps:
- Bring things together with a password and documentation management solution
Give your technicians the rapid access they need to effectively support clients by implementing a secure password and IT documentation solution. This way, privileged access to client knowledge and information can be directly at their fingertips.
- Implement a multifactor authentication solution (MFA)
Double-up on your security by implementing a secondary device push-notification, call, SMS, or biometric identity access to your accounts. This will help ensure the user is the person they say they are!
- Partner your accounts with strong passwords
Automatically generate strong password strings that are different for all of your accounts. Do not reuse a previous password. It is best practice to use length rather than complexity to make your password harder to crack. Using three to four random words strung together, creating 16 characters or more, is ideal.
- Spend quality time maintaining your passwords
Every account should have a different password, stored in one spot. Using a management tool will allow an audit trail for who had access to what. If anything goes astray, it is of benefit to the company to be able to track and instantly modify sensitive accounts.
Using these four steps will help to make your security more resilient and your networks harder to hack.
Click here to find out more about how SolarWinds® Passportal can help you secure your systems.
Colin Knox is director of product strategy, SolarWinds Passportal
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.